Bug Exploited to Track Android Phone Users Until Last Year
TikTok was reportedly tracking Android phones by exploiting a security flaw. The video-sharing app TikTok tracked users by the device’s MAC address, with no option for users to opt-out, according to a report from the Wall Street Journal.
TikTok exploited an Android security flaw to skirt around Google security policies that prevent an app from tracking a devices’ MAC address.
TikTok is a video sharing mobile app available for Android and iPhone users. The app is owned by Beijing based company ByteDance. On TikTok users upload short form videos up to 60 seconds long. Popular content topics include dance videos, cooking, comedy, DIY tutorials, and even some news.
TikTok has been under scrutiny for allegations of sharing user data with the Chinese government . Although there is no evidence to substantiate these claims, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) announced yesterday that the agency is investigating TikTok over its data sharing practices.
TikTok Banned in Some Countries
TikTok has been banned in India for all citizens and Army personnel. This mandate came on the heels of a border skirmish between China and India in the Himalayan mountains.
US President Trump signed an executive order last week that will sanction ByteDance and ban TikTok for all US citizens starting on 20 September. No US based business will be allowed to conduct business with ByteDance after that date. However, if a controlling stake in ByteDance is sold to a US company, Trump says he will rescind the executive order.
TikTok was banned for use on all US government owned phones last December.
What is a MAC Address?
MAC stands for Media Access Control. It is a unique identifier that all electronic devices like smartphones, laptops, smart TVs, routers, etc. have. That identifier permanently identifies an electronic device and is generally never changed. It can be exploited to track a device and by default the person who has it, across all of their internet activity and physical location.
Google block apps from reading a device’s MAC address. The app used encryption to work around this block.
How to find MAC address on Android
Locate the MAC Address of an Android phone.
- Open your phone and tap the Settings button
- Scroll down and select About Phone
- Scroll down and tap Status
- Your device’s MAC Address is shown under the Wi-Fi MAC address section
TikTok stopped using this exploit last year according to the WSJ report. “The current version of TikTok does not collect MAC addresses” said ByteDance in a statement.